Add gateways to an existing VPN

You can add new gateways to route-based and policy-based VPNs.

If you have already configured a policy-based VPN, you can add new gateways as needed.

For more details about the product and how to configure features, click Help or press F1.

Steps

Create a gateway element to represent the physical gateway device in VPNs if the element does not exist already.
VPN Gateway elements are automatically created for Forcepoint NGFW in the Firewall/VPN role. The same element can be used in many VPNs.
If the VPN uses certificates for authentication, you might need to create a VPN certificate for the gateway.
The same certificate can be used in many VPNs, providing it fulfills the following criteria:
- The certificate must match the type of certificate selected for the VPN in the VPN Profile.
- The certificate must be issued by a certificate authority that the other Gateways trust.
Add the gateway to a policy-based VPN or to a Route-Based VPN Tunnel element.
- Edit the Policy-Based VPN element to add the gateway on the Site-to-Site VPN tab.
- Edit the Route-Based VPN Tunnel, and select the gateway.
Check and adjust the tunnels between the new gateway and the existing gateways.
Refresh the policies of all NGFW Engines that are involved in the tunnels.

Engine Editor > VPN

Use this branch to view the VPN Gateway elements associated with the NGFW Engine, and the VPNs where the VPN Gateway elements are used. You can optionally add more VPN Gateway elements.

Option	Definition
Add (Optional)	Adds a VPN Gateway element to the NGFW Engine. One VPN Gateway element is automatically created for each NGFW Engine. You can use the same VPN Gateway element in multiple VPNs. You might need to add VPN Gateway elements if you want to use different endpoint IP addresses in different types of VPNs. Click Remove to remove the selected element.
Endpoints
Enabled	When selected, the endpoint IP address is active.
Edit	Opens the Properties dialog box for the endpoint.